- Email: [email protected]
Social Media Policies for Employers and Employees: Regulatory and Statutory Considerations
Social Media Policies for Employers and Employees: Regulatory and Statutory Considerations Dann W. Brown, JD, RN, CPPS, CPHRM, FASHRM To prevent negative posts on social media by employees, some organizations have developed social media policies. But creating effective policies designed to control employees’ online activities requires an understanding of the current laws regarding social media and the responsibilities of both employees and employers. This article provides an up-to-date analysis of the relevant regulations and statutes that will guide leaders who are creating or revising their social media policies.
S
ocial media are the “forms of electronic communication through which users create online communities to share information, ideas, personal messages, and other content” (Merriam-Webster, 2015). These forms of communication have become conduits for public discourse about almost any issue, including grievances related to the workplace. For virtually no cost, social media allow one or two dedicated people to post content that can have a devastating impact. Factual accuracy is not a prerequisite. Understandably, employers are concerned about preventing negative posts, and some have developed social media policies to control employees’ online activity. Certain elements of these policies define how employees should identify their affiliation with the organization, the tone of language they should use, and limitations on the type of information an employee may share. Often, these policies are drafted without an awareness of the relevant statutes and regulations; however, even a well-intentioned statement indicating that all postings should use a civil tone can run afoul of a statute. Suppose a staff nurse shows a manager a printout of a social media posting by another nurse. The post reads: “My boss is INCOMPETENT! Who assigns a nurse eight patients down three different hallways???” The printout also shows other employees liked the post. The manager has several questions to consider. Is the facility mentioned by name? Can the employer otherwise be identified? Does the post violate the organization’s social media policy? Is the post offensive? Is it insubordinate? Should the organization respond to the post? If so, how and who should respond? Should the manager take action against the nurse? If so, what action is appropriate? Did the nurse violate patient privacy? Did the nurse violate the state nurse practice act (NPA)? Is the nurse’s speech protected? Can the poster claim other legal protections? What,
Volume 6/Issue 4 January 2016
if anything, should be done about the employees who liked the post? These are just a few of the questions that should be considered when an organization is drafting a policy or is made aware of posts by employees. Although policies should address multiple types of postings, this article will focus on negative postings by employees.
Federal Stored Communications Act Often, courts determine that sharing communications with a third party relinquishes the expectation of privacy. Because almost all e-mail is transmitted through and stored by an outside company, the design of the system automatically turns over all communications to a third party. Thus, a court that applied this traditional reasoning would likely rule that all e-mail communication is unprotected. To prevent such rulings, Congress enacted the Federal Stored Communications Act (SCA) (18 U.S. Code, 2010, Chapter 121 §§ 2701–2712) to reflect the current reality of electronic communications and ensure that the technical nature of the operating systems did not create an automatic erosion of protections. The SCA also limits the ability of Internet service providers to turn over communications to nongovernment entities (18 U.S. Code, 2010, Chapter 121 § 2702) and prevents employers from improperly accessing the private accounts of employees (18 U.S. Code, 2010, Chapter 121 § 2707). The statute explicitly provides a private right to action to recover damages and reasonable legal fees if a violation occurs (18 U.S. Code, 2010, Chapter 121 § 2707). The application of the SCA to social media communications was addressed in Ehling v. Monmouth-Ocean Hospital (2012; Table 1). In this case, the plaintiff had the privacy settings for her Facebook page set so only friends could see it. The plaintiff www.journalofnursingregulation.com
45
TABLE 1
Significant Legal Decisions Case
Jurisdiction
Importance of the Decision
American Medical Response of Connecticut
NLRB
NLRA applies to social media postings.
Costco Wholesale Corporation
NLRB
Precedential case for applicability to social media.
Doe v. Guthrie Clinic
2nd Circuit
Dissenting opinion: Corporations liable for privacy breach despite employee acting outside scope of employment.
Ehling v. Monmouth-Ocean Hospital
U.S. District Court NJ
Facebook postings are covered by the SCA.
Karl Knauz Motors Inc.
NLRB
Courtesy provisions ran afoul of the NLRA.
Martin Luther Memorial Home Inc.
NLRB
Test for determining NLRA protections.
McKesson Corporation
NLRB
Savings clause is not enough to save an otherwise unlawful policy.
Meyers Industries
U.S. District Court DC
Employee behavior can relinquish NLRA protections.
Pier Sixty LLC
NLRB
Use of profanity does not automatically relinquish NLRA protections.
Pietrylo v. Hillstone Restaurant Group
U.S. District Court NJ
Passwords are protected for employees’ private accounts.
Tasker Healthcare Group
NLRB
Individual gripes are not protected by the NLRA.
Triple Play Sports Bar
NLRB and 2nd Circuit
Use of the "like" button can be considered concerted activity.
Note. NLRB = National Labor Relations Board; NLRA = National Labor Relations Act; SCA = Federal Stored Communications Act
included several coworkers but none of her managers as friends. Without her knowledge, a friend was taking screenshots of her posts and sending them to management. When she was disciplined for her posts, she filed suit claiming that the hospital violated the SCA by improperly accessing her Facebook account. The court found in favor of the hospital because it did not have an active role in obtaining the information. However, the court did hold that nonpublic Facebook wall posts are covered by the SCA. The court stated that because the plaintiff chose privacy settings limiting access to her Facebook friends that her wall posts were covered by the SCA. The following three features of this case are important: 1. The SCA can be applied to social media postings. 2. The critical question in determining applicability is whether the user took steps to limit access to the information on his or her Facebook walls. 3. The hospital did not obtain the information nor cause it to be obtained. The last aspect should be included in the training of every organization leader. Any actions by leaders to access information or to cause information to be accessed on their behalf can jeopardize the defense to an SCA claim. Employers should also be mindful when using unsolicited information because the question of responsibility for obtaining it would likely rest on the testimony of the employee who provided it.
46
Journal of Nursing Regulation
Password Protection Laws At the time of this writing, 15 states have enacted some form of password protection statute, prohibiting employers from requiring their employees or applicants to provide passwords to personal accounts or to “friend” them. Eleven other states have current proposals, and 14 more had their efforts fail or die in committee. Only one state, Arkansas, has seen an attempt to repeal or curtail such a statute (Chokshi, 2015). Pietrylo v. Hillstone Restaurant Group (2008) was one of the first cases to address an employer’s use of employees’ passwords. Two employees created a password-protected MySpace page that they used as a forum for grievances against their employer. They invited some coworkers to join the page, but no managers. Management became aware of the site when one of the invited employees showed them a posting. Management twice requested the user ID and password from one of the employees, and eventually she obliged. Management logged into the site a few times and subsequently fired the two site creators for damaging employee morale and violating the restaurant’s core values. The central issue at trial was whether the employee was coerced into giving up the user ID and password. The employee testified that she felt pressured to hand over the information. The jury found in favor of the employee, and the decision was upheld. Although this case was not released for publication, it serves as a warning to employers to tread carefully when using social media as an element of a personnel investigation. Even if an employee provides password information, the employer cannot prevent the employee from subsequently stating that he or
she felt pressured to provide it. Without reliable evidence that an employee is damaging the employer’s interests, passwordprotected sites should be left alone. If damaging information is posted and the employer asks for access, a later claim of coercion by the employee may be weakened, though this approach is not risk-free. When using social media to evaluate candidates for employment, organizations should create an ethical barrier between those who hire and those who research the social media to prevent protected information from reaching the decision maker. Often, information, such as marital status, religion, and race, is found during the evaluation. The ethical barrier helps prevent the appearance of impropriety regarding such information. Many employers are hiring third parties to conduct these searches to ensure that such information does not accidentally make its way to the decision makers.
Privacy Laws The issues regarding the Health Insurance Portability and Accountability Act (HIPAA) are well known, and many resources are available for those interested. However, a number of states have privacy laws or common law precedents that offer additional protections for patients. They may also provide a private right of action. In Doe v. Guthrie Clinic (2014a), a patient attempted to apply HIPAA and state privacy laws against a corporation based on the actions of its employee. The patient was being treated for a sexually transmitted disease when a nurse employee recognized him as the boyfriend of her sister-in-law. She sent text messages to her sister-in-law, telling her of the patient’s diagnosis and course of treatment. When the patient complained to the clinic, the incident was investigated, and the nurse was fired. The patient then sued the nurse and clinic in federal court. On appeal, the court ruled that the clinic could not be held liable (Doe v. Guthrie Clinic, 2014b), though one judge wrote a dissenting opinion based on the state law claim: The ease with which confidential patient information can now spread through personal digital devices and across social networks demands a strong legal regime to protect a patient’s confidentiality. A cause of action directly against a medical corporation, unhampered by questions as to whether an employee’s conduct occurred within the scope of employment, ensures the fullest protections for patients and best addresses the current realities of medical service delivery (emphasis added). This opinion is important because dissenting opinions sometimes become the basis for the passage of new laws, and this opinion addresses how information is electronically captured, stored, and transmitted, which mirrors the legislative intent of the SCA.
Volume 6/Issue 4 January 2016
The dissenting opinion also stated: “As the majority notes, it is the medical corporation itself, not merely its employees, which owes the duty of confidentiality to the patient” (emphasis added). News stories about domestic government surveillance programs (“NSA surveillance exposed,” n.d.), the hacking of major corporations’ customer data (Bertrand, 2014), and the wholesale release of sensitive, personal information stolen from dating sites appear regularly (Weise & Vanden Brook, 2015). The result is strong political pressure for legislatures to enact enhanced protections for personal information. Health care leaders should work with political advocates to limit liability for privacy violations to employers. Posted pictures and videos create additional privacy concerns because background information may reveal protected health information. Policies against unapproved photographing and videotaping on hospital premises and enforcement of those policies should be considered.
National Labor Relations Act The National Labor Relations Act (NLRA) is often used by employees when challenging the actions of their employers. Congress enacted the NLRA to protect the rights of employees and employers, encourage collective bargaining, and curtail certain private-sector labor and management practices that can harm workers, businesses, and the U.S. economy (National Labor Relations Board [NLRB], 1935). Any employees may file a complaint with the National Labor Relations Board (NLRB, n.d.). Section 7 of the NLRA states the following regarding the right of employees: Employees shall have the right to self-organization, to form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection, and shall also have the right to refrain from any or all of such activities except to the extent that such right may be affected by an agreement requiring membership in a labor organization as a condition of employment as authorized in section 8(a)(3) [section 158(a)(3) of this title]. Although the statute uses the words “bargain collectively through representatives,” NLRA protections are afforded to all nonmanagement employees regardless of union membership. The NLRB considers a rule to be unlawful if it explicitly restricts Section 7 activity or if an employee would reasonably construe the language to prohibit Section 7 activity, the policy was promulgated in response to union activity, or the rule has been applied to restrict Section 7 rights (Martin Luther Memorial Home, Inc., 2004). In the following cases, the provision regarding an employee reasonably construing the language to prohibit Section 7 was the most widely cited. Leaders who are drafting social media policies should understand that a policy must be written in a way www.journalofnursingregulation.com
47
that employees do not reasonably construe a constriction of their rights. The NLRB stated in the McKesson Corporation (2011) case and through published memorandums (NLRB, 2012) that the use of a savings clause will not save an otherwise unlawful policy. Unlawfully Overbroad Policies
The applicability of NLRA protections to social media posts was addressed in American Medical Response of Connecticut (2010). In this case, a paramedic posted, “I can’t believe they let a 17 be a supervisor.” (“17” was the ambulance code for a mental patient.) When the paramedic was brought in for a discussion, her employer denied her union representation. The paramedic then went online and called the employer several unsavory names and was fired shortly thereafter. Upon review of the circumstances, the NLRB filed a complaint against the company. The NLRB had addressed social media before, but it stood by the employer’s right to maintain order in the workplace. The importance of this case is the change in the NLRB’s position that social media postings would have the same test applied as inperson statements. The case was settled before trial, and therefore has no precedential value. However, the Costco Wholesale Corporation (2010) decision reiterated the stance of the NLRB in American Medical Response of Connecticut. The Costco decision also continued the movement to invalidate facially neutral policy statements applicable to nonunion employees. The main reason cited for invalidating these policies is that an employee could reasonably construe that they restricted his or her Section 7 rights under the NLRA. Three weeks after the Costco decision, a majority of the NLRB invalidated a courtesy provision in the Karl Knauz Motors Inc. (2011) case. The three board members agreed that a posting about an auto accident at another dealership was unprotected. However, they disagreed on the lawfulness of the provision that stated employees were expected to be “courteous, polite, and friendly” to customers, vendors, and coworkers and that employees should not be “disrespectful, or use profanity or any other language which injures the image or reputation of the Dealership.” The disagreement among board members focused on whether the provision could reasonably be construed by an employee to be prohibiting his or her Section 7 rights. A majority of the board held that an employee “reading this rule would reasonably assume that the Respondent would regard statements of protest or criticism as disrespectful or injurious to the image or reputation of the Dealership,” making the provision “unlawfully overbroad.” These two cases combined with the statement that a savings clause is insufficient should serve as a warning to employers that the burden is on them to draft policies that are easily understood by employees. Fortunately, the NLRB will read these policies in context, so that prohibitions that use limiting language would likely survive a review. Examples of this type of language can be found in the Walmart policy, which the NLRB has held out as being “not unlawfully overbroad” (NLRB, 2012). 48
Journal of Nursing Regulation
Liking a Post
Users of some social media platforms have the ability to like a posting. In the Triple Play Sports Bar (2014) case, an employee who posted negative comments about management incorrectly determining the amount of taxes withheld from paychecks was fired for “not being loyal enough.” Another employee who liked the posting was fired for the same reason. The novel question in this case was the determination by the NLRB that the simple act of hitting the “like” button was sufficient to rise to the level of protected concerted activity. This finding was upheld in an unpublished summary order by the U.S. 2nd Circuit Court of Appeals. Use of Profanity
Although content of speech is protected, the manner, tone, and language used by the employee to convey the message may be grounds for determining that he or she has relinquished those protections. Suppose a post used the term “$%!#* MORON” rather than “complete MORON.” There is precedent stating that the use of profanity, threats, or malicious or physically aggressive behavior in the delivery of that message can be grounds for an employee to lose NLRA protections (Meyers Industries, 1986). However, some recent cases have placed limitations on the application of the precedent (Pier Sixty, LLC, 2015). In the Pier Sixty (2015) case, an employee posted the following on Facebook at a catering event: “Bob is such a NASTY “$%!#*----- don’t know how to talk to people!!! What a LOSER!! Vote YES for the UNION!!!” (explicatives redacted) The employee challenged his discharge. In ruling in favor of the employee, the two majority members of the NLRB noted that employers and coworkers used profanity routinely in the workplace, making the employee’s use of profanity not unusual. Another factor the board said it would consider in the explanation of its ruling is whether any disciplinary actions taken were typical of those taken against others in similar circumstances or were disproportionate to the offense. Leaders should not see this ruling as a move towards protecting all profane speech. The ruling indicates that corporate culture plays a role in the analysis. If an organization allows its leaders or others to use similar language without addressing it, there may be grounds for an employee to argue that his or her use of similar language is acceptable in the workplace. Individual Gripe
In the Tasker Healthcare Group (2012) case, an employee posted “Fire Me…MAKE MY DAY!” The post was in response to the possibility that a returning employee would be made a supervisor. The employee was fired for the post, and subsequently, the NLRB ruled that the action was not protected. The advice memorandum of the associate general counsel stressed that no other employees took part in the conversation. The memorandum further noted that to enjoy the protections of
the NLRA, the employee’s activity must involve shared concerns about the terms and conditions of employment. In this case, the statement was seen as an individual gripe. This finding sets a boundary and somewhat balances the recent movement towards an expanded reading of protections for employees. Leaders should periodically review NLRB cases and literature for information on new rulings on social media posts and make relevant findings known to the management team.
Nurse Practice Acts Nurses often share details about difficult patients and families, involvement in a tough procedure, or the impact that caring for others has on their lives. Though discussion of these issues among fellow staff members can help improve the workplace, posting them online can result in a report to the state board of nursing (BON). Such a posting can create a difficult situation for an employer: The nurse’s posting may be a violation of the NPA even though it falls under the protection of the SCA, NLRA, or other statutes. Although a posting may be protected by one statute, that protection does not supersede violations of other statutes or professional ethics. Reporting a nurse to the BON is a challenging decision for any leader. It places the employer and employee at odds, risks damaging relationships beyond the individual employee, and risks claims of retaliation (Marsh, 2015). One can easily imagine a scenario in which two nurses post pictures of a patient online: One posts a statement about her wonderful patient, and the other discusses how patients are suffering because of staffing cuts. If only the latter nurse is reported to the BON, a court or jury could determine that the nurse was reported because of the negative message rather than a violation of patient confidentiality. One method of counteracting claims of disparate treatment is adopting an algorithm to help determine which issues should be reported to the BON. At a minimum, this approach shows an effort to report to the BON consistently. Sharing the algorithm with hospital staff members during orientation and in-services could further demonstrate evidence of good faith on the part of leaders. In their role as public protectors, BONs have to find evidence of potential harm to a patient. In the case of a social media posting, this harm could be failing to protect confidential information, alcohol or drug abuse, moral turpitude, or other unprofessional conduct. A literature search of these issues reveals that the most common sections of the NPA at issue are those dealing with patient privacy. A 2010 survey of BONs found that 33 of 46 respondents have received complaints about nurses posting protected health information online. Resulting disciplinary action was reported by 26 of the 33 boards (National Council of State Boards of Nursing, 2011). To combat the potential for these violations, many BONs as well as the National Council of State Boards of Nursing [NCSBN] Volume 6/Issue 4 January 2016
have published social media guides that offer general advice to nurses about how to use social media in a manner that does not conflict with the NPA and professional ethics (NCSBN, 2011; Nevada State Board of Nursing, n.d.).
Whistleblower Protections A restaurant employee posted a video on YouTube that may be considered an act of whistleblowing (Stuart, 2013). The video showed meat being stored next to a dumpster. The employee claimed that the food was being hidden during an inspection (Stuart, 2013). Then, he posted a second video in which he claimed the food would be given to customers after the inspection (Harris, 2013). Questions about whether or not this type of posting would be protected under the law are far from settled, and little case law is available. Various whistleblower laws and antiretaliation provisions are most applicable when an employee files a complaint with his or her employer or reports the suspected illegal or unethical behavior internally. Whether or not a court would apply the same protections to an online posting in the absence of these actions has not been widely tested.
Conclusion Despite the risks, organizations will use social media. Over 1,500 hospitals in the United States already have a social media presence (Mayo Clinic Center for Social Media, n.d.). Organizations should train managers to navigate social media issues just as they train managers to use other tools. Committees drafting policies should use the mentioned resources as well as others. Using the Walmart social media policy (NLRB, 2012) as a template should help drafters avoid some issues that arose in the cases discussed. Leaders should also look at how often this policy is reviewed. Many hospitals review policies on a 3-year rotation. Given the fluidity with which the landscape changes, social media policies should be reviewed at least annually. Much has been written about what motivates people to post information about their employers online. Although some discussion focuses on attention seeking, a large section of the literature focuses on the frustration felt by staff members when they believe they have no other way to express their grievances to their employers. A communication strategy that actively seeks input of and feedback from employees may be the most effective strategy in the prevention of negative postings. A well-drafted social media strategy and policy supported by a culture that values open communication about issues concerning employees cannot be overemphasized as an effective approach for minimizing the risk of employees posting negative comments. But if an organization finds itself the subject of such postings, a response plan should be in place. If the response is to
www.journalofnursingregulation.com
49
call a team together to figure out the next steps, the organization is already behind.
References
American Medical Response of Connecticut. (2010). 34-CA-12576. Retrieved from www.google.com/url?sa=t&rct=j&q=&esrc=s&s ource=web&cd=1&ved=0CB0QFjAAahUKEwjx7eSX3vTIA hVI_WMKHYkbCws&url=http%3A%2F%2Fapps.nlrb. gov%2Flink%2Fdocument.aspx%2F09031d458055b9c4&usg =AFQjCNGek8bSYHl6BDV4oI22wPQBR-HaJA&sig2=6l9l2BBfYsUC2842JNV-Q Bertrand, N. (2014, October 20). Here’s what happened to your target data that was hacked. Business Insider. Retrieved from www. businessinsider.com/heres-what-happened-to-your-target-datathat-was-hacked-2014-10 Chokshi, N. (2015). This Arkansas bill would let bosses force employees to friend them on Facebook. The Washington Post. Retrieved from www.washingtonpost.com/blogs/govbeat/ wp/2015/03/24/this-arkansas-bill-would-let-bosses-forceemployees-to-friend-them-on-facebook/ Costco Wholesale Corporation. (2010). 34-CA-12421. Retrieved from www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd =1&ved=0CB0QFjAAahUKEwj9qrm73vTIAhUX22MKHRH aBpc&url=http%3A%2F%2Fapps.nlrb. gov%2Flink%2Fdocument.aspx%2F09031d458038f1bc&usg= AFQjCNEfL7vSPylQwD_cQA7x_De6eXtEvQ&sig2=bOoHJ7 T6ORHJUqKSwMmZIQ Doe v. Guthrie Clinic. (2014a). Docket No. 12-1045cv (2nd Cir., January 27, 2014). Retrieved from http://law.justia.com/cases/federal/appellate-courts/ca2/12-1045/12-1045-2013-03-25.html Doe v. Guthrie Clinic. (2014b). No. 224, 2014 WL 66644 (N.Y. January 9, 2014). Retrieved from http://caselaw.findlaw.com/us-2ndcircuit/1655765.html Ehling v. Monmouth-Ocean Hospital. (2012). No. 2:11-cv-03305 (WJM) (D.N.J. May 30, 2012). Retrieved from http://law.justia.com/cases/federal/district-courts/new-jersey/ njdce/2:2011cv03305/260497/23/ 18 U.S. Code. (2010). Chapter 121. Retrieved from www.gpo.gov/ fdsys/pkg/USCODE-2010-title18/html/USCODE-2010-title18-partI-chap121.htm Harris, J. (2013). Video of food at a Golden Corral dumpster goes viral. Los Angeles Times. Retrieved from www.latimes.com/food/ dailydish/la-dd-golden-corral-dumpster-food-video-goes-viral20130708-story.html Karl Knauz Motors Inc. (2011). 13-CA-46452. Retrieved from www. google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ve d=0CB0QFjAAahUKEwjLj5773vTIAhUVK4gKHZmkB08&u rl=http%3A%2F%2Fapps.nlrb.gov%2Flink%2Fdocument.asp x%2F09031d4580683b21&usg=AFQjCNEypyE1IIEHqk8GW rwxb4ewj-zNlg&sig2=o9oq-aH8kSi4OCXxqpKWMw Marsh, J., M.(2015, May 13). Jury awards $2 million to nurse for “defamatory” report to board of nursing. Retrieved from www. minnesotaemploymentlawreport.com/defamation/jury-awards2-million-to-nurse-for-defamatory-report-to-board-of-nursing/ Martin Luther Memorial Home, Inc. (2004). 7-CA-44877 (343 NLRB No. 75 pp. 646–647). Retrieved from http://webcache.googleusercontent.com/search?q=cache:_6dYhhnRFpcJ:apps.nlrb.gov/ link/document.aspx/09031d4580022ea0+&cd=1&hl=en&ct=cl nk&gl=us Mayo Clinic Center for Social Media. (n.d.). Health care social media list. Retrieved from http://socialmedia.mayoclinic.org/hcsmlgrid/
50
Journal of Nursing Regulation
McKesson Corporation. (2011). Number: 06-CA-066504. Retrieved from www.nlrb.gov/case/06-CA-066504 Merriam-Webster. (2015). Social media. Retrieved from www.merriam-webster.com/dictionary/social%20media Meyers Industries. (1986). 7-CA-17207. Retrieved from www.google. com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0C CUQFjAAahUKEwiUlviC4vTIAhWXVogKHaO3CjM&url=h ttp%3A%2F%2Fapps.nlrb.gov%2Flink%2Fdocument.aspx%2 F09031d45801b30b6&usg=AFQjCNHLJBM1JOn_HBj8pxX-BwYOIFhHg&sig2=okZznAc85EvVi1a0XlWsmA National Council of State Boards of Nursing. (2011). A nurse’s guide to the use of social media. Retrieved from www.ncsbn.org/NCSBN_ SocialMedia.pdf National Labor Relations Board. (1935). National Labor Relations Act. Retrieved from www.nlrb.gov/resources/national-labor-relations-act National Labor Relations Board. (2012). OM 12-59. Retrieved from www.nlrb.gov/reports-guidance/operations-managementmemos?memo_number=OM%5C%2012&page=1 National Labor Relations Board. (n.d.). Protected concerted activity. Retrieved from www.nlrb.gov/rights-we-protect/protected-concerted-activity Nevada State Board of Nursing. (n.d.). Social media guidelines. Retrieved from http://nevadanursingboard.org/practice-and-discipline/www-ncsbn-org2930-htm/ NSA surveillance exposed. (n.d.). CBS News. Retrieved from www. cbsnews.com/feature/nsa-surveillance-exposed/ Pier Sixty, LLC. (2015). 02-CA-068612. Retrieved from www.nlrb. gov/case/02-CA-068612 Pietrylo v. Hillstone Restaurant Group. (2008). Civil Case No. 06- 5754 (FSH) (D.N.J, July 24, 2008). Retrieved from www.steptoe. com/assets/attachments/3884.pdf Stuart, H. (2013, July 9). Golden Corral dumpster food? Video shows trays of meat stored near trash. Huffington Business. Retrieved from www.huffingtonpost.com/2013/07/08/goldencorral-dumpster_n_3560786.html Tasker Healthcare Group. (2012). 04-CA-094222. Retrieved from www.nlrb.gov/case/04-CA-094222 Triple Play Sports Bar. (2014). 34-CA-012915. Retrieved from www. nlrb.gov/case/34-CA-012915?order=ds_activity&sort=asc Weise, E., & Vanden Brook, T. (2015, August 22). More Ashley Madison files published. USA Today. Retrieved from www.usatoday.com/story/tech/2015/08/20/ashley-madison-databasehack-cheating-vatican/32052195/
Dann W. Brown, JD, RN, CPPS, CPHRM, FASHRM, is a senior health care risk management consultant for Zurich Insurance Services in Addison, Texas.
S
ocial media are the “forms of electronic communication through which users create online communities to share information, ideas, personal messages, and other content” (Merriam-Webster, 2015). These forms of communication have become conduits for public discourse about almost any issue, including grievances related to the workplace. For virtually no cost, social media allow one or two dedicated people to post content that can have a devastating impact. Factual accuracy is not a prerequisite. Understandably, employers are concerned about preventing negative posts, and some have developed social media policies to control employees’ online activity. Certain elements of these policies define how employees should identify their affiliation with the organization, the tone of language they should use, and limitations on the type of information an employee may share. Often, these policies are drafted without an awareness of the relevant statutes and regulations; however, even a well-intentioned statement indicating that all postings should use a civil tone can run afoul of a statute. Suppose a staff nurse shows a manager a printout of a social media posting by another nurse. The post reads: “My boss is INCOMPETENT! Who assigns a nurse eight patients down three different hallways???” The printout also shows other employees liked the post. The manager has several questions to consider. Is the facility mentioned by name? Can the employer otherwise be identified? Does the post violate the organization’s social media policy? Is the post offensive? Is it insubordinate? Should the organization respond to the post? If so, how and who should respond? Should the manager take action against the nurse? If so, what action is appropriate? Did the nurse violate patient privacy? Did the nurse violate the state nurse practice act (NPA)? Is the nurse’s speech protected? Can the poster claim other legal protections? What,
Volume 6/Issue 4 January 2016
if anything, should be done about the employees who liked the post? These are just a few of the questions that should be considered when an organization is drafting a policy or is made aware of posts by employees. Although policies should address multiple types of postings, this article will focus on negative postings by employees.
Federal Stored Communications Act Often, courts determine that sharing communications with a third party relinquishes the expectation of privacy. Because almost all e-mail is transmitted through and stored by an outside company, the design of the system automatically turns over all communications to a third party. Thus, a court that applied this traditional reasoning would likely rule that all e-mail communication is unprotected. To prevent such rulings, Congress enacted the Federal Stored Communications Act (SCA) (18 U.S. Code, 2010, Chapter 121 §§ 2701–2712) to reflect the current reality of electronic communications and ensure that the technical nature of the operating systems did not create an automatic erosion of protections. The SCA also limits the ability of Internet service providers to turn over communications to nongovernment entities (18 U.S. Code, 2010, Chapter 121 § 2702) and prevents employers from improperly accessing the private accounts of employees (18 U.S. Code, 2010, Chapter 121 § 2707). The statute explicitly provides a private right to action to recover damages and reasonable legal fees if a violation occurs (18 U.S. Code, 2010, Chapter 121 § 2707). The application of the SCA to social media communications was addressed in Ehling v. Monmouth-Ocean Hospital (2012; Table 1). In this case, the plaintiff had the privacy settings for her Facebook page set so only friends could see it. The plaintiff www.journalofnursingregulation.com
45
TABLE 1
Significant Legal Decisions Case
Jurisdiction
Importance of the Decision
American Medical Response of Connecticut
NLRB
NLRA applies to social media postings.
Costco Wholesale Corporation
NLRB
Precedential case for applicability to social media.
Doe v. Guthrie Clinic
2nd Circuit
Dissenting opinion: Corporations liable for privacy breach despite employee acting outside scope of employment.
Ehling v. Monmouth-Ocean Hospital
U.S. District Court NJ
Facebook postings are covered by the SCA.
Karl Knauz Motors Inc.
NLRB
Courtesy provisions ran afoul of the NLRA.
Martin Luther Memorial Home Inc.
NLRB
Test for determining NLRA protections.
McKesson Corporation
NLRB
Savings clause is not enough to save an otherwise unlawful policy.
Meyers Industries
U.S. District Court DC
Employee behavior can relinquish NLRA protections.
Pier Sixty LLC
NLRB
Use of profanity does not automatically relinquish NLRA protections.
Pietrylo v. Hillstone Restaurant Group
U.S. District Court NJ
Passwords are protected for employees’ private accounts.
Tasker Healthcare Group
NLRB
Individual gripes are not protected by the NLRA.
Triple Play Sports Bar
NLRB and 2nd Circuit
Use of the "like" button can be considered concerted activity.
Note. NLRB = National Labor Relations Board; NLRA = National Labor Relations Act; SCA = Federal Stored Communications Act
included several coworkers but none of her managers as friends. Without her knowledge, a friend was taking screenshots of her posts and sending them to management. When she was disciplined for her posts, she filed suit claiming that the hospital violated the SCA by improperly accessing her Facebook account. The court found in favor of the hospital because it did not have an active role in obtaining the information. However, the court did hold that nonpublic Facebook wall posts are covered by the SCA. The court stated that because the plaintiff chose privacy settings limiting access to her Facebook friends that her wall posts were covered by the SCA. The following three features of this case are important: 1. The SCA can be applied to social media postings. 2. The critical question in determining applicability is whether the user took steps to limit access to the information on his or her Facebook walls. 3. The hospital did not obtain the information nor cause it to be obtained. The last aspect should be included in the training of every organization leader. Any actions by leaders to access information or to cause information to be accessed on their behalf can jeopardize the defense to an SCA claim. Employers should also be mindful when using unsolicited information because the question of responsibility for obtaining it would likely rest on the testimony of the employee who provided it.
46
Journal of Nursing Regulation
Password Protection Laws At the time of this writing, 15 states have enacted some form of password protection statute, prohibiting employers from requiring their employees or applicants to provide passwords to personal accounts or to “friend” them. Eleven other states have current proposals, and 14 more had their efforts fail or die in committee. Only one state, Arkansas, has seen an attempt to repeal or curtail such a statute (Chokshi, 2015). Pietrylo v. Hillstone Restaurant Group (2008) was one of the first cases to address an employer’s use of employees’ passwords. Two employees created a password-protected MySpace page that they used as a forum for grievances against their employer. They invited some coworkers to join the page, but no managers. Management became aware of the site when one of the invited employees showed them a posting. Management twice requested the user ID and password from one of the employees, and eventually she obliged. Management logged into the site a few times and subsequently fired the two site creators for damaging employee morale and violating the restaurant’s core values. The central issue at trial was whether the employee was coerced into giving up the user ID and password. The employee testified that she felt pressured to hand over the information. The jury found in favor of the employee, and the decision was upheld. Although this case was not released for publication, it serves as a warning to employers to tread carefully when using social media as an element of a personnel investigation. Even if an employee provides password information, the employer cannot prevent the employee from subsequently stating that he or
she felt pressured to provide it. Without reliable evidence that an employee is damaging the employer’s interests, passwordprotected sites should be left alone. If damaging information is posted and the employer asks for access, a later claim of coercion by the employee may be weakened, though this approach is not risk-free. When using social media to evaluate candidates for employment, organizations should create an ethical barrier between those who hire and those who research the social media to prevent protected information from reaching the decision maker. Often, information, such as marital status, religion, and race, is found during the evaluation. The ethical barrier helps prevent the appearance of impropriety regarding such information. Many employers are hiring third parties to conduct these searches to ensure that such information does not accidentally make its way to the decision makers.
Privacy Laws The issues regarding the Health Insurance Portability and Accountability Act (HIPAA) are well known, and many resources are available for those interested. However, a number of states have privacy laws or common law precedents that offer additional protections for patients. They may also provide a private right of action. In Doe v. Guthrie Clinic (2014a), a patient attempted to apply HIPAA and state privacy laws against a corporation based on the actions of its employee. The patient was being treated for a sexually transmitted disease when a nurse employee recognized him as the boyfriend of her sister-in-law. She sent text messages to her sister-in-law, telling her of the patient’s diagnosis and course of treatment. When the patient complained to the clinic, the incident was investigated, and the nurse was fired. The patient then sued the nurse and clinic in federal court. On appeal, the court ruled that the clinic could not be held liable (Doe v. Guthrie Clinic, 2014b), though one judge wrote a dissenting opinion based on the state law claim: The ease with which confidential patient information can now spread through personal digital devices and across social networks demands a strong legal regime to protect a patient’s confidentiality. A cause of action directly against a medical corporation, unhampered by questions as to whether an employee’s conduct occurred within the scope of employment, ensures the fullest protections for patients and best addresses the current realities of medical service delivery (emphasis added). This opinion is important because dissenting opinions sometimes become the basis for the passage of new laws, and this opinion addresses how information is electronically captured, stored, and transmitted, which mirrors the legislative intent of the SCA.
Volume 6/Issue 4 January 2016
The dissenting opinion also stated: “As the majority notes, it is the medical corporation itself, not merely its employees, which owes the duty of confidentiality to the patient” (emphasis added). News stories about domestic government surveillance programs (“NSA surveillance exposed,” n.d.), the hacking of major corporations’ customer data (Bertrand, 2014), and the wholesale release of sensitive, personal information stolen from dating sites appear regularly (Weise & Vanden Brook, 2015). The result is strong political pressure for legislatures to enact enhanced protections for personal information. Health care leaders should work with political advocates to limit liability for privacy violations to employers. Posted pictures and videos create additional privacy concerns because background information may reveal protected health information. Policies against unapproved photographing and videotaping on hospital premises and enforcement of those policies should be considered.
National Labor Relations Act The National Labor Relations Act (NLRA) is often used by employees when challenging the actions of their employers. Congress enacted the NLRA to protect the rights of employees and employers, encourage collective bargaining, and curtail certain private-sector labor and management practices that can harm workers, businesses, and the U.S. economy (National Labor Relations Board [NLRB], 1935). Any employees may file a complaint with the National Labor Relations Board (NLRB, n.d.). Section 7 of the NLRA states the following regarding the right of employees: Employees shall have the right to self-organization, to form, join, or assist labor organizations, to bargain collectively through representatives of their own choosing, and to engage in other concerted activities for the purpose of collective bargaining or other mutual aid or protection, and shall also have the right to refrain from any or all of such activities except to the extent that such right may be affected by an agreement requiring membership in a labor organization as a condition of employment as authorized in section 8(a)(3) [section 158(a)(3) of this title]. Although the statute uses the words “bargain collectively through representatives,” NLRA protections are afforded to all nonmanagement employees regardless of union membership. The NLRB considers a rule to be unlawful if it explicitly restricts Section 7 activity or if an employee would reasonably construe the language to prohibit Section 7 activity, the policy was promulgated in response to union activity, or the rule has been applied to restrict Section 7 rights (Martin Luther Memorial Home, Inc., 2004). In the following cases, the provision regarding an employee reasonably construing the language to prohibit Section 7 was the most widely cited. Leaders who are drafting social media policies should understand that a policy must be written in a way www.journalofnursingregulation.com
47
that employees do not reasonably construe a constriction of their rights. The NLRB stated in the McKesson Corporation (2011) case and through published memorandums (NLRB, 2012) that the use of a savings clause will not save an otherwise unlawful policy. Unlawfully Overbroad Policies
The applicability of NLRA protections to social media posts was addressed in American Medical Response of Connecticut (2010). In this case, a paramedic posted, “I can’t believe they let a 17 be a supervisor.” (“17” was the ambulance code for a mental patient.) When the paramedic was brought in for a discussion, her employer denied her union representation. The paramedic then went online and called the employer several unsavory names and was fired shortly thereafter. Upon review of the circumstances, the NLRB filed a complaint against the company. The NLRB had addressed social media before, but it stood by the employer’s right to maintain order in the workplace. The importance of this case is the change in the NLRB’s position that social media postings would have the same test applied as inperson statements. The case was settled before trial, and therefore has no precedential value. However, the Costco Wholesale Corporation (2010) decision reiterated the stance of the NLRB in American Medical Response of Connecticut. The Costco decision also continued the movement to invalidate facially neutral policy statements applicable to nonunion employees. The main reason cited for invalidating these policies is that an employee could reasonably construe that they restricted his or her Section 7 rights under the NLRA. Three weeks after the Costco decision, a majority of the NLRB invalidated a courtesy provision in the Karl Knauz Motors Inc. (2011) case. The three board members agreed that a posting about an auto accident at another dealership was unprotected. However, they disagreed on the lawfulness of the provision that stated employees were expected to be “courteous, polite, and friendly” to customers, vendors, and coworkers and that employees should not be “disrespectful, or use profanity or any other language which injures the image or reputation of the Dealership.” The disagreement among board members focused on whether the provision could reasonably be construed by an employee to be prohibiting his or her Section 7 rights. A majority of the board held that an employee “reading this rule would reasonably assume that the Respondent would regard statements of protest or criticism as disrespectful or injurious to the image or reputation of the Dealership,” making the provision “unlawfully overbroad.” These two cases combined with the statement that a savings clause is insufficient should serve as a warning to employers that the burden is on them to draft policies that are easily understood by employees. Fortunately, the NLRB will read these policies in context, so that prohibitions that use limiting language would likely survive a review. Examples of this type of language can be found in the Walmart policy, which the NLRB has held out as being “not unlawfully overbroad” (NLRB, 2012). 48
Journal of Nursing Regulation
Liking a Post
Users of some social media platforms have the ability to like a posting. In the Triple Play Sports Bar (2014) case, an employee who posted negative comments about management incorrectly determining the amount of taxes withheld from paychecks was fired for “not being loyal enough.” Another employee who liked the posting was fired for the same reason. The novel question in this case was the determination by the NLRB that the simple act of hitting the “like” button was sufficient to rise to the level of protected concerted activity. This finding was upheld in an unpublished summary order by the U.S. 2nd Circuit Court of Appeals. Use of Profanity
Although content of speech is protected, the manner, tone, and language used by the employee to convey the message may be grounds for determining that he or she has relinquished those protections. Suppose a post used the term “$%!#* MORON” rather than “complete MORON.” There is precedent stating that the use of profanity, threats, or malicious or physically aggressive behavior in the delivery of that message can be grounds for an employee to lose NLRA protections (Meyers Industries, 1986). However, some recent cases have placed limitations on the application of the precedent (Pier Sixty, LLC, 2015). In the Pier Sixty (2015) case, an employee posted the following on Facebook at a catering event: “Bob is such a NASTY “$%!#*----- don’t know how to talk to people!!! What a LOSER!! Vote YES for the UNION!!!” (explicatives redacted) The employee challenged his discharge. In ruling in favor of the employee, the two majority members of the NLRB noted that employers and coworkers used profanity routinely in the workplace, making the employee’s use of profanity not unusual. Another factor the board said it would consider in the explanation of its ruling is whether any disciplinary actions taken were typical of those taken against others in similar circumstances or were disproportionate to the offense. Leaders should not see this ruling as a move towards protecting all profane speech. The ruling indicates that corporate culture plays a role in the analysis. If an organization allows its leaders or others to use similar language without addressing it, there may be grounds for an employee to argue that his or her use of similar language is acceptable in the workplace. Individual Gripe
In the Tasker Healthcare Group (2012) case, an employee posted “Fire Me…MAKE MY DAY!” The post was in response to the possibility that a returning employee would be made a supervisor. The employee was fired for the post, and subsequently, the NLRB ruled that the action was not protected. The advice memorandum of the associate general counsel stressed that no other employees took part in the conversation. The memorandum further noted that to enjoy the protections of
the NLRA, the employee’s activity must involve shared concerns about the terms and conditions of employment. In this case, the statement was seen as an individual gripe. This finding sets a boundary and somewhat balances the recent movement towards an expanded reading of protections for employees. Leaders should periodically review NLRB cases and literature for information on new rulings on social media posts and make relevant findings known to the management team.
Nurse Practice Acts Nurses often share details about difficult patients and families, involvement in a tough procedure, or the impact that caring for others has on their lives. Though discussion of these issues among fellow staff members can help improve the workplace, posting them online can result in a report to the state board of nursing (BON). Such a posting can create a difficult situation for an employer: The nurse’s posting may be a violation of the NPA even though it falls under the protection of the SCA, NLRA, or other statutes. Although a posting may be protected by one statute, that protection does not supersede violations of other statutes or professional ethics. Reporting a nurse to the BON is a challenging decision for any leader. It places the employer and employee at odds, risks damaging relationships beyond the individual employee, and risks claims of retaliation (Marsh, 2015). One can easily imagine a scenario in which two nurses post pictures of a patient online: One posts a statement about her wonderful patient, and the other discusses how patients are suffering because of staffing cuts. If only the latter nurse is reported to the BON, a court or jury could determine that the nurse was reported because of the negative message rather than a violation of patient confidentiality. One method of counteracting claims of disparate treatment is adopting an algorithm to help determine which issues should be reported to the BON. At a minimum, this approach shows an effort to report to the BON consistently. Sharing the algorithm with hospital staff members during orientation and in-services could further demonstrate evidence of good faith on the part of leaders. In their role as public protectors, BONs have to find evidence of potential harm to a patient. In the case of a social media posting, this harm could be failing to protect confidential information, alcohol or drug abuse, moral turpitude, or other unprofessional conduct. A literature search of these issues reveals that the most common sections of the NPA at issue are those dealing with patient privacy. A 2010 survey of BONs found that 33 of 46 respondents have received complaints about nurses posting protected health information online. Resulting disciplinary action was reported by 26 of the 33 boards (National Council of State Boards of Nursing, 2011). To combat the potential for these violations, many BONs as well as the National Council of State Boards of Nursing [NCSBN] Volume 6/Issue 4 January 2016
have published social media guides that offer general advice to nurses about how to use social media in a manner that does not conflict with the NPA and professional ethics (NCSBN, 2011; Nevada State Board of Nursing, n.d.).
Whistleblower Protections A restaurant employee posted a video on YouTube that may be considered an act of whistleblowing (Stuart, 2013). The video showed meat being stored next to a dumpster. The employee claimed that the food was being hidden during an inspection (Stuart, 2013). Then, he posted a second video in which he claimed the food would be given to customers after the inspection (Harris, 2013). Questions about whether or not this type of posting would be protected under the law are far from settled, and little case law is available. Various whistleblower laws and antiretaliation provisions are most applicable when an employee files a complaint with his or her employer or reports the suspected illegal or unethical behavior internally. Whether or not a court would apply the same protections to an online posting in the absence of these actions has not been widely tested.
Conclusion Despite the risks, organizations will use social media. Over 1,500 hospitals in the United States already have a social media presence (Mayo Clinic Center for Social Media, n.d.). Organizations should train managers to navigate social media issues just as they train managers to use other tools. Committees drafting policies should use the mentioned resources as well as others. Using the Walmart social media policy (NLRB, 2012) as a template should help drafters avoid some issues that arose in the cases discussed. Leaders should also look at how often this policy is reviewed. Many hospitals review policies on a 3-year rotation. Given the fluidity with which the landscape changes, social media policies should be reviewed at least annually. Much has been written about what motivates people to post information about their employers online. Although some discussion focuses on attention seeking, a large section of the literature focuses on the frustration felt by staff members when they believe they have no other way to express their grievances to their employers. A communication strategy that actively seeks input of and feedback from employees may be the most effective strategy in the prevention of negative postings. A well-drafted social media strategy and policy supported by a culture that values open communication about issues concerning employees cannot be overemphasized as an effective approach for minimizing the risk of employees posting negative comments. But if an organization finds itself the subject of such postings, a response plan should be in place. If the response is to
www.journalofnursingregulation.com
49
call a team together to figure out the next steps, the organization is already behind.
References
American Medical Response of Connecticut. (2010). 34-CA-12576. Retrieved from www.google.com/url?sa=t&rct=j&q=&esrc=s&s ource=web&cd=1&ved=0CB0QFjAAahUKEwjx7eSX3vTIA hVI_WMKHYkbCws&url=http%3A%2F%2Fapps.nlrb. gov%2Flink%2Fdocument.aspx%2F09031d458055b9c4&usg =AFQjCNGek8bSYHl6BDV4oI22wPQBR-HaJA&sig2=6l9l2BBfYsUC2842JNV-Q Bertrand, N. (2014, October 20). Here’s what happened to your target data that was hacked. Business Insider. Retrieved from www. businessinsider.com/heres-what-happened-to-your-target-datathat-was-hacked-2014-10 Chokshi, N. (2015). This Arkansas bill would let bosses force employees to friend them on Facebook. The Washington Post. Retrieved from www.washingtonpost.com/blogs/govbeat/ wp/2015/03/24/this-arkansas-bill-would-let-bosses-forceemployees-to-friend-them-on-facebook/ Costco Wholesale Corporation. (2010). 34-CA-12421. Retrieved from www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd =1&ved=0CB0QFjAAahUKEwj9qrm73vTIAhUX22MKHRH aBpc&url=http%3A%2F%2Fapps.nlrb. gov%2Flink%2Fdocument.aspx%2F09031d458038f1bc&usg= AFQjCNEfL7vSPylQwD_cQA7x_De6eXtEvQ&sig2=bOoHJ7 T6ORHJUqKSwMmZIQ Doe v. Guthrie Clinic. (2014a). Docket No. 12-1045cv (2nd Cir., January 27, 2014). Retrieved from http://law.justia.com/cases/federal/appellate-courts/ca2/12-1045/12-1045-2013-03-25.html Doe v. Guthrie Clinic. (2014b). No. 224, 2014 WL 66644 (N.Y. January 9, 2014). Retrieved from http://caselaw.findlaw.com/us-2ndcircuit/1655765.html Ehling v. Monmouth-Ocean Hospital. (2012). No. 2:11-cv-03305 (WJM) (D.N.J. May 30, 2012). Retrieved from http://law.justia.com/cases/federal/district-courts/new-jersey/ njdce/2:2011cv03305/260497/23/ 18 U.S. Code. (2010). Chapter 121. Retrieved from www.gpo.gov/ fdsys/pkg/USCODE-2010-title18/html/USCODE-2010-title18-partI-chap121.htm Harris, J. (2013). Video of food at a Golden Corral dumpster goes viral. Los Angeles Times. Retrieved from www.latimes.com/food/ dailydish/la-dd-golden-corral-dumpster-food-video-goes-viral20130708-story.html Karl Knauz Motors Inc. (2011). 13-CA-46452. Retrieved from www. google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ve d=0CB0QFjAAahUKEwjLj5773vTIAhUVK4gKHZmkB08&u rl=http%3A%2F%2Fapps.nlrb.gov%2Flink%2Fdocument.asp x%2F09031d4580683b21&usg=AFQjCNEypyE1IIEHqk8GW rwxb4ewj-zNlg&sig2=o9oq-aH8kSi4OCXxqpKWMw Marsh, J., M.(2015, May 13). Jury awards $2 million to nurse for “defamatory” report to board of nursing. Retrieved from www. minnesotaemploymentlawreport.com/defamation/jury-awards2-million-to-nurse-for-defamatory-report-to-board-of-nursing/ Martin Luther Memorial Home, Inc. (2004). 7-CA-44877 (343 NLRB No. 75 pp. 646–647). Retrieved from http://webcache.googleusercontent.com/search?q=cache:_6dYhhnRFpcJ:apps.nlrb.gov/ link/document.aspx/09031d4580022ea0+&cd=1&hl=en&ct=cl nk&gl=us Mayo Clinic Center for Social Media. (n.d.). Health care social media list. Retrieved from http://socialmedia.mayoclinic.org/hcsmlgrid/
50
Journal of Nursing Regulation
McKesson Corporation. (2011). Number: 06-CA-066504. Retrieved from www.nlrb.gov/case/06-CA-066504 Merriam-Webster. (2015). Social media. Retrieved from www.merriam-webster.com/dictionary/social%20media Meyers Industries. (1986). 7-CA-17207. Retrieved from www.google. com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0C CUQFjAAahUKEwiUlviC4vTIAhWXVogKHaO3CjM&url=h ttp%3A%2F%2Fapps.nlrb.gov%2Flink%2Fdocument.aspx%2 F09031d45801b30b6&usg=AFQjCNHLJBM1JOn_HBj8pxX-BwYOIFhHg&sig2=okZznAc85EvVi1a0XlWsmA National Council of State Boards of Nursing. (2011). A nurse’s guide to the use of social media. Retrieved from www.ncsbn.org/NCSBN_ SocialMedia.pdf National Labor Relations Board. (1935). National Labor Relations Act. Retrieved from www.nlrb.gov/resources/national-labor-relations-act National Labor Relations Board. (2012). OM 12-59. Retrieved from www.nlrb.gov/reports-guidance/operations-managementmemos?memo_number=OM%5C%2012&page=1 National Labor Relations Board. (n.d.). Protected concerted activity. Retrieved from www.nlrb.gov/rights-we-protect/protected-concerted-activity Nevada State Board of Nursing. (n.d.). Social media guidelines. Retrieved from http://nevadanursingboard.org/practice-and-discipline/www-ncsbn-org2930-htm/ NSA surveillance exposed. (n.d.). CBS News. Retrieved from www. cbsnews.com/feature/nsa-surveillance-exposed/ Pier Sixty, LLC. (2015). 02-CA-068612. Retrieved from www.nlrb. gov/case/02-CA-068612 Pietrylo v. Hillstone Restaurant Group. (2008). Civil Case No. 06- 5754 (FSH) (D.N.J, July 24, 2008). Retrieved from www.steptoe. com/assets/attachments/3884.pdf Stuart, H. (2013, July 9). Golden Corral dumpster food? Video shows trays of meat stored near trash. Huffington Business. Retrieved from www.huffingtonpost.com/2013/07/08/goldencorral-dumpster_n_3560786.html Tasker Healthcare Group. (2012). 04-CA-094222. Retrieved from www.nlrb.gov/case/04-CA-094222 Triple Play Sports Bar. (2014). 34-CA-012915. Retrieved from www. nlrb.gov/case/34-CA-012915?order=ds_activity&sort=asc Weise, E., & Vanden Brook, T. (2015, August 22). More Ashley Madison files published. USA Today. Retrieved from www.usatoday.com/story/tech/2015/08/20/ashley-madison-databasehack-cheating-vatican/32052195/
Dann W. Brown, JD, RN, CPPS, CPHRM, FASHRM, is a senior health care risk management consultant for Zurich Insurance Services in Addison, Texas.